Red Hat, Inc. Security Advisory
_________________________________________________________________

Package       pump
Synopsis      Bugs fixed in pump (DHCP client) [CORRECTION]
Advisory ID   RHSA-1999:027-02
Issue Date    1999-08-11
Updated on    1999-08-14
Keywords      pump DHCP RoadRunner @Home
_________________________________________________________________

1. Topic:

   New version of pump, 0.7.0, fixes several problems, including a
   potential security hole.

   We strongly recommend that all users using DHCP upgrade to pump
   0.7.0, particularly if you use DHCP on a public network such as a
   cable modem or ADSL service.

   This is a correction to our previous announcement, which did not
   mention the security bug that is fixed in pump 0.7.0.

2. Bug IDs fixed:

   3263

3. Relevant releases/architectures:

   Red Hat Linux 6.0, all architectures

4. Obsoleted by:

   None

5. Conflicts with:

   None

6. RPMs required:

   Intel:
     ftp://updates.redhat.com/6.0/i386/
       pump-0.7.0-1.i386.rpm

   Alpha:
     ftp://updates.redhat.com/6.0/alpha
       pump-0.7.0-1.alpha.rpm

   SPARC:
     ftp://updates.redhat.com/6.0/sparc
       pump-0.7.0-1.sparc.rpm

   Source:
     ftp://updates.redhat.com/6.0/SRPMS
       pump-0.7.0-1.src.rpm

   Architecture neutral:
     ftp://updates.redhat.com/6.0/noarch/

7. Problem description:

   o DHCP did not work with some @Home and RoadRunner (and
     potentially other) servers.
   o Some (broken) servers did not return server address properly;
     in these cases, pump now reuses the broadcast address.
   o There was a security hole with the potential for a remote root
     exploit in certain configurations where DHCP is used on public
     networks.

8. Solution:

   For each RPM for your particular architecture, run:

     rpm -Uvh filename

   where filename is the name of the RPM.

9. Verification:

   MD5 sum                           Package Name
   -------------------------------------------------------------------------
   a93c710c0ce18e79b3dd33d268ae7752  i386/pump-0.7.0-1.i386.rpm
   53df0de539645b34ad93272f3b4e6d97  alpha/pump-0.7.0-1.alpha.rpm
   d56bac8b659b353894092869782d59cc  sparc/pump-0.7.0-1.sparc.rpm
   2f18a5c39cdd327e0406df1ab5308549  SRPMS/pump-0.7.0-1.src.rpm

   These packages are also PGP signed by Red Hat Inc. for security.
   Our key is available at:

     http://www.redhat.com/corp/contact.html

   You can verify each package with the following command:

     rpm --checksig filename

   If you only wish to verify that each package has not been corrupted
   or tampered with, examine only the md5sum with the following command:

     rpm --checksig --nopgp filename

10. References:

_________________________________________________________________

copyright © 1999 Red Hat, Inc. All rights reserved.
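
The checks from sections 8 and 9, as an added example that is not part of the Red Hat advisory: a POSIX shell script that compares each downloaded package with the advisory's MD5 table and, where rpm is installed, runs the advisory's rpm --checksig before anything is handed to rpm -Uvh. The function names and the optional second argument (an alternate digest table) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Red Hat's code): check downloaded pump packages against
# the MD5 table in section 9 of RHSA-1999:027-02 before installing them.
# The table is only as trustworthy as the channel the advisory came over;
# the PGP signature checked by rpm --checksig is what authenticates a package.

ADVISORY_SUMS='a93c710c0ce18e79b3dd33d268ae7752 i386/pump-0.7.0-1.i386.rpm
53df0de539645b34ad93272f3b4e6d97 alpha/pump-0.7.0-1.alpha.rpm
d56bac8b659b353894092869782d59cc sparc/pump-0.7.0-1.sparc.rpm
2f18a5c39cdd327e0406df1ab5308549 SRPMS/pump-0.7.0-1.src.rpm'

# expected_md5 FILE [TABLE]: print the digest listed for FILE's base name,
# so the local download directory does not matter. TABLE (an assumption of
# this example) overrides the advisory table.
expected_md5() {
    name=$(basename "$1")
    printf '%s\n' "${2:-$ADVISORY_SUMS}" |
        awk -v n="$name" '{ k = split($2, p, "/"); if (p[k] == n) { print $1; exit } }'
}

# verify_pkg FILE [TABLE]: 0 = digest matches, 1 = mismatch,
# 2 = file missing or not listed in the table.
verify_pkg() {
    [ -f "$1" ] || { echo "MISSING  $1"; return 2; }
    want=$(expected_md5 "$1" "$2")
    [ -n "$want" ] || { echo "UNLISTED $1"; return 2; }
    have=$(md5sum "$1" | awk '{ print $1 }')
    [ "$have" = "$want" ] || { echo "MISMATCH $1 (want $want, got $have)"; return 1; }
    echo "OK       $1"
}

# verify_all FILE...: check every file; where rpm is installed, also run the
# advisory's signature check. Returns non-zero if any check failed.
verify_all() {
    rc=0
    for f in "$@"; do
        verify_pkg "$f" || { rc=1; continue; }
        if command -v rpm >/dev/null 2>&1; then
            rpm --checksig "$f" || rc=1
        fi
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then verify_all "$@"; fi
```

Pass the downloaded package files as arguments and run rpm -Uvh only when the script exits 0.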